Skype is a voice, video and chat communications platform with over 600 million users worldwide, effectively making it one of the world’s largest telecommunications companies. Many of its users rely on Skype for secure communications—whether they are activists operating in countries governed by authoritarian regimes, journalists communicating with sensitive sources, or users who wish to talk privately in confidence with business associates, family, or friends.

It is unfortunate that these users, and those who advise them on best security practices, work in the face of persistently unclear and confusing statements about the confidentiality of Skype conversations, and in particular the access that governments and other third parties have to Skype user data and communications.

We understand that the transition of ownership to Microsoft, and the corresponding shifts in jurisdiction and management, may have made some questions of lawful access, user data collection, and the degree of security of Skype communications temporarily difficult to authoritatively answer. However, we believe that from the time of the original announcement of a merger in October 2011, and on the eve of Microsoft’s integration of Skype into many of its key software and services, the time has come for Microsoft to publicly document Skype’s security and privacy practices.

We call on Skype to release a regularly updated Transparency Report that includes:

They should do that, but really it's a no-brainer - Microsoft has to comply with the patriot act.

While there might not have been (but I'd be surprised if there weren't) any backdoors in Skype prior to the MS purchase, there certainly were means to see exactly what was going on. And while it might not be official now, there's definitely regular backdoors in Skype now.

Who on earth would use non-opensource programs for secure communications anyway?

(oh yeah. I need to kick myself in the hiney and get fSekrit brushed up for opensource release. Version3 de/serialization and PBKDF2 wasn't the funniest code to implement, so both those features are halfway-done at the moment).

They should do that, but really it's a no-brainer - Microsoft has to comply with the patriot act.

While there might not have been (but I'd be surprised if there weren't) any backdoors in Skype prior to the MS purchase, there certainly were means to see exactly what was going on. And while it might not be official now, there's definitely regular backdoors in Skype now.

Who on earth would use non-opensource programs for secure communications anyway?

Spot on. The Patriot Act says that all communications will have back doors for government surveillance. It's the New World Order that the U.S. is hell-bent on achieving. It all started when a dumb-ass coke-snorting rich-boy president named GW Bush decided it would be a good thing to do. Geeze, what an idiot....

There is already concern that Chinese and Korean built mobile phones can potentially be used to collect data for their parent companies. Currently Samsung are working on buying Blackberry - which is causing some consternation in Canada from a security point of view!

So if I use Skype in the UK to communicate with someone in the UK it is subject to the US Patriot Act?

Yes.

Various provisions allowed for the disclosure of electronic communications to law enforcement agencies. Those who operate or own a "protected computer" can give permission for authorities to intercept communications carried out on the machine, thus bypassing the requirements of the Wiretap statute. The definition of a "protected computer" is defined in 18 U.S.C. § 1030(e)(2) and broadly encompasses those computers used in interstate or foreign commerce or communication, including ones located outside the United States.

So if I use Skype in the UK to communicate with someone in the UK it is subject to the US Patriot Act?

Yes.

Various provisions allowed for the disclosure of electronic communications to law enforcement agencies. Those who operate or own a "protected computer" can give permission for authorities to intercept communications carried out on the machine, thus bypassing the requirements of the Wiretap statute. The definition of a "protected computer" is defined in 18 U.S.C. § 1030(e)(2) and broadly encompasses those computers used in interstate or foreign commerce or communication, including ones located outside the United States.

There is already concern that Chinese and Korean built mobile phones can potentially be used to collect data for their parent companies. Currently Samsung are working on buying Blackberry - which is causing some consternation in Canada from a security point of view!

Well considering all our POTS telephone conversations are being monitored and stored - enough companies sell this technology to governments - not sure what the fuss is all about. At least with skype *I* can keep a copy too

People rely on Skype for secure communications? Who are these people? They're using a communications tool freely given to them by a giant multinational corporate with close ties to the US government and known to implement a buggy proprietary security protocol and expecting to get secure and private communications? What world are these people living in?

Discussing lolcats pictures, minecraft adventures, calling your parents, sexchatting midgets, whatever - that's all fine on Skype and similar services. But who in their right minds would do their terrorist bomb planning, drug deal scheduling, kidnapping details or secret evil megacorp plans on something not opensource?

No, I don't like the (pretty much official) .gov backdoors, but I had no illusions of Skype being secure before the Microsoft buyout, and anybody who did were naïve.

Of course, there aren't a lot of people who are in their right minds. I remember there was a guy in Florida who walked into a police station - to report that somebody stole his cocaine... For somebody like that, maybe Skype is a step up in security.

Edited to add: While I am not one of those people who subscribe to the "if you aren't doing anything wrong, you shouldn't worry about who's looking over your shoulder" theory, I do think, if you care about security, you need to worry about it yourself. Or, at the very least, decide who you're going to rely on. Relying on a government or big corporation to protect you goes beyond naive. For as long as I've used Skype, I've assumed it was only fit for conversations I wouldn't mind showing up on YouTube someday. Some may consider that overly cynical, but the point is that I thought about it. Putting all your trust in some mythical "Big Brother", be it governmental or corporate, is going to get you burned, sooner or later.

Since I'm not doing anything I have any special reason to conceal from the government (beyond a general preference to keep my life private), I'm more concerned with the corporate efforts to assemble data on everyone. Because, even if you "like" the company collecting it right now (and "liking" a corporation strikes me as a naive stance in the first place) you have no way of knowing who it will be sold on to, or how it may be used. And the notion of companies trying to peer inside my head for their benefit makes my teeth itch.

Of course, there aren't a lot of people who are in their right minds. I remember there was a guy in Florida who walked into a police station - to report that somebody stole his cocaine... For somebody like that, maybe Skype is a step up in security.